Health care is becoming increasingly digital – from regular mental health appointments to hospital inpatient examinations – clinicians are seeing more and more of their patients remotely.
While the benefits of widespread telemedicine are numerous, there are potential privacy and security risks that come along too. To combat these risks, you must take extra precautions to protect your home, your personal and family information, and your patients’ information.
Your patients’ privacy is only as secure as your home network. The HIPAA Security Rule mandates that clinicians safeguard the privacy of each individual’s electronic personal health information (PHI).
How do you make your home’s cybersecurity as safe as possible? By focusing on these six areas.
1. Device Security
Nearly every home has an array of devices — smartphones, tablets, computers, and home automation devices — each of which with software weaknesses that are targeted by hackers.
Many of these devices are always listening, particularly with voice activation. If you’ve ever been speaking and Alexa or Siri suddenly responded for no apparent reason, you understand what we mean!
The best way to ensure your safety is to:
- Be aware of any voice-activated devices in your home that are close enough to hear your conversations
- Turn off voice-activated settings while at work or during confidential conversations
2. Router Security
Everyone with an internet connection has a router. It is the main access point to your network and all the connected devices, which makes it a prime target for hackers.
Keep your router protected by:
- Changing the wi-fi network name (don’t use your family name – e.g., Jones Home)
- Creating a guest wi-fi network that requires a password to join
- Performing software updates when available by your service provider (e.g. AT&T)
Face it, passwords are the bane of every internet user’s existence. We forget them all the time, which is why we tend to use the same one routinely. That’s a worst-case practice, which can lead to tragic consequences.
While it is true that you must make passwords secure and easy to remember, writing them down on a Post-It note or in Notepad on your computer is not the best way to store and protect those passwords.
A recommendation to create a password that is not easily guessable by hackers is to pick your favorite line from a movie, song, or book, shorten it, and write it in a unique way. You could use a mix of lowercase and uppercase letters, add numbers, and special characters (e.g., !, &, @, $).
Try to avoid re-using passwords for multiple purposes. If one of your passwords is hacked, you do not want hackers to have the ability to access more of your information.
While creating a password that’s not easily guessable is important, it’s equally as important to store the passwords safely. A best practice is to use a password management application. The most common applications are LastPass, 1Password, and True Key.
4. Security Questions
As multi-factor authentication is becoming more of an industry standard, company websites are starting to require security questions to verify password changes and account access. However, many of the answers you will likely provide are available with just a little social media research.
When asked to set up security questions, try not to use legitimate information about yourself. If asked for a maiden name, provide the last name of your favorite cartoon character. An important tip to remember is this question/answer challenge is focused on your ability to provide the correct answer, not on confirming if the answer is true or not.
5. Social Engineering
Be alert and watch for people trying to gain access to your information. Hackers are consistently looking for effective ways to gain access to our information. Commonly, social engineering is defined as “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”
The most common types of social engineering include:
- Phishing – fake emails requesting an action to gain access to your computer
- Vishing – fake phone calls, including spoofed caller IDs, to gain access to your phone
- Smishing – fake SMS text messages to gain access to your phone
6. Software Updates
Software vendors publish application updates based on a number of factors. A few of the factors are the need to fix a software weakness or a feature enhancement. Software applications running a version that has been a successful target for hackers are the general targets for hackers to gain access to your information.
The recommendation is to be on the lookout for software updates and install the updates as soon as possible. Ensure the software update is coming from the vendor and not from a third party.
Telemedicine helps skilled clinicians expand their reach, making it more convenient for patients to receive care. With the appropriate focus on information protection, we can comfortably deliver a quality service to our industry and patients.